IPSEC has deadlocks/Timeouts ?! with 1.23
-
Hello,
All IPSEC tunnels are up and running with 1.23, and time delays between the tunnel endpoints are also OK, but every 5 seconds e.g. RDP sessions have timeouts. During these timeouts the pings are OK. I don't know why.
I have tested Seth "image" with the ipsec changes and all runs fine. I think a modification in 7.1 causes this trouble.
I have made a downgrade to 1.22 and the IPSEC works as it should!
Regards
Heiko
-
Actually you need to adjust some sysctls of the enc interface which specify what gets filtered. These are on 2.0 already.
-
What can I do? Concretely? :'(
Thanks Ermal?
-
In /etc/rc.bootup add there near the comment
/* start IPsec tunnels */
exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000000");
exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001");
exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000000");
exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000002");
Save and reboot.
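To confirm after the reboot that the four masks from the post above are really in effect, the following check can be used. It is an added example, not part of the original post or of pfSense; the helper name `check_enc_masks` is hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Expected masks, copied from the exec() lines in the post above.
EXPECTED='net.enc.out.ipsec_bpf_mask=0x00000000
net.enc.out.ipsec_filter_mask=0x00000001
net.enc.in.ipsec_bpf_mask=0x00000000
net.enc.in.ipsec_filter_mask=0x00000002'

# check_enc_masks (hypothetical helper): reads "name: value" lines, the
# format FreeBSD sysctl prints, on stdin. Prints one line per missing,
# unparseable or mismatched OID and returns non-zero if any was found.
check_enc_masks() {
    actual=$(cat)
    rc=0
    for pair in $EXPECTED; do
        name=${pair%%=*}
        want=$((${pair#*=}))
        got=$(printf '%s\n' "$actual" | sed -n "s/^$name: *//p" | head -n 1)
        # Accept plain decimal or 0x-prefixed hex; reject everything else.
        case $got in
            0[xX]|0[xX]*[!0-9a-fA-F]*) ok=no ;;
            0[xX]*)                    ok=yes ;;
            ''|*[!0-9]*)               ok=no ;;
            *)                         ok=yes ;;
        esac
        if [ "$ok" = no ]; then
            echo "MISSING $name"
            rc=1
        elif [ "$(($got))" -ne "$want" ]; then
            echo "DRIFT $name: running $got, expected ${pair#*=}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: one OID absent, one still at a different value.
SAMPLE='net.enc.out.ipsec_filter_mask: 1
net.enc.in.ipsec_bpf_mask: 0
net.enc.in.ipsec_filter_mask: 1'
printf '%s\n' "$SAMPLE" | check_enc_masks || true

# On the firewall itself: sysctl net.enc | check_enc_masks
```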
-
Great Thanks!
I will try!
-
I have made the changes in rc.bootup and it looks good for the first test!
But I wouldn't make these changes to any of my pfSenses… ;) Is it possible to make a "commit" in 1.23?
-
I'm using 2.0 on an ALIX and am having these same issues. I looked in the rc.bootup file and these statements are not listed. When I edit the file I cannot save because it tells me it is a read-only file. Is it because it is an embedded firmware or lack of knowledge using VI? I first tried to do this in the GUI and, in failing, moved to the command line using VI.
Thanks,
Jim
-
Please post on 2.0 and those commands are already there.